Welcome to this quick guide on how to get mostly off of the internet, this is aimed at people who want to be privacy conscious and are based in Sweden, though most of what is written applies to everyone. This isn’t a guide to remove ALL data about you, nor is it a guide on how to put less data on the internet. Rather this is a guide on how to remove yourself from the searchable internet, making it harder for a bad actor using OSINT techniques to find out everything about you.
OSINT stands for OpenSource Intelligence, it is the fancy name for “doxxing” which is old internet speak for the act of getting the “dox” or “documents” on a particular person. The way it works, is an attacker will take a target as a starting point, that could be an instagram profile, a name, a photo, any identifiable bit of information, and then use all of the open and queryable data on the internet to try and piece together a profile of who was posting it. If successful they can find out a lot of information about someone. Name, photo, email, phone, address, workplace, associations, really everything.
If a bad guy comes a looking, we want to make it as hard for them as possible. It is worth remembering that a determined attacker is likely to find something, as it often only takes one slip up on our side to lead them back to us; plus a very determined attacker may use paid services, private websites, freedom of information requests and even social engineering. So don’t think you are safe if you apply this knowledge you still need to use good opsec practices and be wary of what you share online.
We have this feeling that if something is on the internet, it is on the internet FOREVER, and this is sort of true to an extent. Digital media can live in an archive for decades and be republished (or leaked) anytime someone makes the effort to, however storage is expensive and companies shutdown often. I had a MySpace page, it’s not there anymore, for all intents and purposes it is gone from the internet, time will remove a lot of what you put out there. So the first thing you can do to help is STOP PUTTING YOURSELF ON THE INTERNET, you don’t need to do it! That doesn’t mean you can’t create and share content, you totally can, but why do you need to do it under your own name? You don’t, keep your private life out of any content you post. The sooner you start doing this, the better.
Now down to businesss, step one, Google yourself. That could be your full name, your face (Yes that’s a thing, more on it later) or your social media username; what do you find? Probably something, maybe an old account you made 10 years ago using the same username, maybe your social media accounts, maybe those fucking swedish sites giving all your data out. This is what an attacker will see, so this is what we need to change.
We can split the results we find into two categories, things we have control over, and things we don’t. For instance if the top result is your Facebook profile, you control that profile, and can do something about it without having to get creative. Ideally you delete the account because, the sooner you delete Facebook the sooner Meta will collapse. Protip you can delete your Facebook account and KEEP ACCESS TO MESSENGER, this makes it a lot easier for people to make the transition away from Meta services towards Signal. If you aren’t yet ready to delete the account, you can simply lock it the fuck down. Facebook actually gives you quite a lot of tools to do that, and you can make an account private to anyone you aren’t already friends with.
Once you have gone through these accounts/websites you have control over, and either deleted your account, or locked them down as much as possible, there is one small hiccup a thing called “caching”. Caching is a part of the internet that is used everywhere for all sorts of good reasons, essentially servers (and your browsers!) store a copy of the data you are requesting, so that the page can load faster and not put as much stress on the servers. What this means is if you change a web page, everything that relates to that page will not update instantly to reflect the changes. You can see this most notably in Google search results, for example if you delete your Facebook profile, it will still come up in Google results.
There are a couple of fixes for this, one is to simply wait. Caches will be updated periodically and eventually it will reflect the correct results. However maybe you want it done sooner than later, thankfully there are tools to help with this. Google has a tool you can access here. Simply click “New Request” > “To refresh Google’s outdated result for a webpage that has changed” (Default) > “Next” > Paste in the URL you found on Googles search results, for the now out of date page, and then hit “Sumbit”. It may ask you to enter text that was on the old page as it didn’t detect a change, just pick a word that will have been removed, and then you can submit it. It might take a couple of days for this to update, but it seems to be pretty random, some have been done in hours, others take days.
Bing also has a tool available here. Not many people use Bing, but if you want to cover your tracks it is important. It is also worth noting that DuckDuckGo pulls results from Bing, so DuckDuckGo doesn’t have a tool available. I think this is why it is important to use the Bing tool in addition to the Google one, as there is a good chance hackery types will be using DuckDuckGo. I also tried out Yahoo out of curiosity, and it was useless, so I didn’t worry about it. It’s quite scary that there is now really only Google and Bing, and Bing is terrible, and Google is getting worse every day. Two companies gatekeeping the internet is worrying.
If you weren’t aware, the tax office in Sweden publishes contact details for everyone in Sweden. While this has some utility, it is also a massive breach of privacy, especially when there are these websites that host the information free for all to search and access. Luckily though, most of them allow you to opt out of appearing in their free searches, here is how you can do it.
I suggest using this as an opportunity to set a calendar reminder every month to resign MrKoll.se, but also to do a quick search for yourself and see if anything new has come up in search results.
If there are websites you can’t control, (like MrKoll.se), there is thankfully an answer. Google and Bing both offer GDPR removal forms, that do seem to actually work. If your request is successful the results will be removed from searches! I tried to test if they are removed from searches from outside of the EU too, and I think they are, but would like more confirmation on that.
These takes a few days usually, I think a Human might be involved, so be polite.
There is a wonderful new website that uses facial recognition to search the internet for FACES. Yes that’s right, you can take a picture of someone, put it into PimEyes.com, and find all the faces that match your picture across the internet. Mask up. Thankfully you need to pay for their service to get access to the exact pages that are hosting the pictures, which means a cheap/lazy attacker may not get all they want. You however can use their service for free, and most likely will recognise the photos and can go hunt them down for removal. Definitely worth doing if you want to be thorough!
This is a lot of work, and it can be a bit of a pain in the ass, but if it’s something you are concerned about (and I’d argue it should be if you are an activist or target of hate) you can do something about it, and get a bit more peace of mind.